Currently, with the increased demand for mobile devices such as mobile telephones, smart phones, and tablet computers, more attention is being paid to the security of software and data on such devices. While techniques for securing standalone computer servers, desktop and laptop computers from malicious software are fairly well-established, improvements are needed in the security of mobile devices as more of these devices are introduced and as their technology changes.
In particular, as the Android operating system becomes more popular as a platform for mobile telephones, techniques are needed to improve security on this platform and prevent malicious software, or malware, from attacking a mobile telephone. Unfortunately, it can be difficult to implement data encryption, to perform behavior monitoring of software applications and to perform a real-time virus scan on Android platforms because of the limitations of the operating system. For example, every application in Android runs in a “sandbox” and has its own private file folder; this is the Android security model. No application has root privileges, so one application cannot access the files in another application's private folder or monitor that application's behavior. Therefore, it is difficult to implement this type of security on an Android device.
One technique, proposed by LG Electronics, Inc. and VMware, Inc., brings virtualization to an Android telephone. In addition to allowing a mobile telephone to run the Android operating system by default (with the user's personal telephone number), this technique allows an Android telephone to also run virtualization software on top of the native operating system. The virtualization software allows the telephone to have a separate work environment with a separate business telephone number, a separate work profile, and a separate work account that run in isolation from the user's personal account. The “work” environment of the telephone remains separate from the user's personal data, personal applications and settings, but the user is able to switch back and forth. Technically, the virtualization environment runs installed applications in a “sandbox” which provides the data isolation.
Unfortunately, any application provider must work closely with the telephone manufacturer in order to gain system-level or even kernel-level access to the telephone. Further, this technique cannot be generally applied to other telephones. Another disadvantage is that, because mobile devices typically have limited computing power and memory, virtualization technology such as this has a big impact on system performance.
Accordingly, further improvements are needed in this area to provide for better security of more mobile devices while not compromising on performance.